...

  • Data At Rest Policies
  • Data In Transit Policies (mostly a placeholder for now, added for future use)

Data at Rest Policy

Data at rest security is applicable for the Application Instance mutable business sensitive data and storage for EVE sensitive configuration information. Application instance mutable business sensitive data will be stored in a reserved partition/directory and the security policy configuration will be applied on it.

The data at rest security policy will be applicable to application business sensitive data, covering the following aspects:

...

Data in transit security is applicable for controller and EVE Module data exchange. The data in transit security for Application instance data traffic will be the prerogative of the application software and is out of scope for the current proposal. Currently, TLS 1.2 is used for data in transit security, for configuration/status/information exchange between the controller and EVE. Additionally, sensitive object level configuration information, viz. data store credentials, will be secured end-to-end between the controller and downloader (inside EVE), by using the device cert/key pair.

The sensitive configuration for EVE, viz. data store access credentials, will be stored in encrypted form (ciphertext) until it is ready for use by the end user. Currently, the data in transit is secured through the TLS 1.2 framework between the controller and EVE.

...